(54) Abstract Title

User security, privacy and anonymity on the Internet

(57) A client accesses a destination server over the Internet through an intermediary or proxy server. The
intermediary server receives the client request over a secure encrypted connection, transforms it into a
standard request and forwards it to the destination server. The request then appears to originate from the
intermediary server. Thus logging of client identity and client transactions is prevented. The intermediary
server transforms the response and further links or references therein into a response from the intermediary
site before sending it to the client. Secure email may also be sent without disclosing the sender, receiver or
content.

At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.
The Claims were filed later than the filing date but within the period prescribed by Rule 25(1) of the Patents Rules 1996.

METHODS AND APPARATUS
USABLE WITH OR APPLICABLE TO
THE USE OF THE INTERNET

This invention relates to methods and apparatus affording user security, privacy and
anonymity on the Internet and World Wide Web.

Hypertext Transfer Protocol (HTTP) is the Internet Application Protocol most
widely used on the World Wide Web. HTTP is used by a web browser as a client
program to make requests of Web servers through the Internet. A web browser user
can request or open a web page by typing in a Uniform Resource Locator (URL) or
by clicking on a hypertext link. The browser then sends the HTTP request to the
Internet Protocol (IP) address indicated by the URL or link and the requested page is
returned. There are many other Internet Application Protocols such as those used for
e-mail (SMTP, POP) and file transfer (FTP) as well as proprietary application
protocols which are used by Internet applications beyond simple web browsers.
HTTP and most other Internet Application Protocols are not secure or encrypted in
any way. This means that normal Internet transactions can be easily monitored or
tampered with as they pass through the Internet.

When users access the Internet using HTTP or any other Internet protocol, they
access the Internet through an Internet provider of some sort. This provider may be
their employer, an Internet Café, their own Internet Service Provider (ISP) or some
other provider. The user's Internet provider passes the user's request on to the

sensitive information. It is possible for destination Internet servers that the user
contacts to log this information and use it to breach the user's anonymity.

It is a general object of the present invention to provide methods and apparatus
capable of affording security, privacy and anonymity on the Internet. It is also an
object of the present invention to provide such methods and apparatus that are
compatible with most Internet applications including existing Web browsers.

According to an aspect of the invention there is provided a method of using the
Internet which actively prevents any logging by Internet servers, providers, routers
and other machines associated therewith of details of destination sites visited by a
user or client and preferably, at least, hinders Internet Transaction 'sniffing' on
insecure Internet transactions. The method also protects the anonymity of Internet
users.

The method may involve a user/client establishing, preferably through an Internet
provider, a connection with an intervening or intermediary site; the intermediary site
then provides access to destination sites for the client without the destination sites
being logged as having been accessed directly by the client. The only Internet
activity of the client that can be logged by any Internet servers, providers, routers
and other machines associated therewith is the access to the intermediary site by the
client. By using an intermediary site, the method additionally prevents logging by
the end destination sites of information as to the identity of the client.
Further, the connection between the

secure, encrypted connection to hinder Transaction 'Sniffing' and further facilitate
client Internet privacy. The client to intermediary site connection is preferably
secure even if the corresponding client to end destination site would otherwise not
be capable of a secure connection. Such a secure connection ensures encryption
protection of user requests and responses, information sent through the Internet by
the user (this includes the URL of the real destination site the user accesses) and
information sent back to users. An example of an encrypted connection is a Secure
Socket Layer (SSL) connection. SSL connections provide a public key encryption
framework widely considered to be suitable for commercial exchange and data
transferral and are considered secure. SSL encryption capabilities are built in to
many Web browser clients today. Using SSL, web browser requests are sent to the
intermediary server using HTTPS (Secure Hyper-Text Transfer Protocol) instead of
standard HTTP and these requests are transformed and passed on to the destination
server using either standard HTTP or HTTPS depending on the secure capabilities of
the final destination Server.



Preferably in the method of the invention: 

1) A client establishes a secure connection with an intermediary site;

2) The client uses the secure connection to send a request for a destination site
through the intermediary site;

3) The intermediary site transforms the request into a standard Internet request
containing only selected information as to the direct identity of the client;

4) The intermediary site sends the Internet request to the destination site;

5) The destination site returns the request

6) The intermediary site transforms

references therein, into a response identified as being from the intermediary site;
and

7) The intermediary site, using the secure connection, sends the response back to
the client.

The user can read and process the returned destination site information normally and
then make a request for another destination site item. To do this the user can simply
enter another URL constructed in such a way that it is interpreted through the
intermediary site. However, in the case of a Web browser, the user may wish to click
on a hypertext link within a viewed web page. Thus, in a practical implementation of
the method of the invention, as well as transforming the response into a response
identified as being from the intermediary site, the intermediary site finds any
references (links or other items) that refer to destination sites on the Internet, and
transforms these references so that any future request made by the client using these
references is made through the intermediary site. Thus the Web browser client can
use the Internet securely, privately and anonymously through the, preferably secure,
intermediary server by either inputting URLs directly or by clicking transformed
links on web pages in a browser in the normal way to select destination sites through
the intermediary server. This transformation process means that Web browsers do
not need any configuration changes (such as setting their proxy server to the
intermediary server), or any additional software in order for their communications to
be 'locked' through the, preferably secure, intermediary server.

Client programs use ports/sockets to connect to server programs. Port numbers
range from 0 to 65535 with numbers 0 to 1023 used for standard services, for
example number 80 is used as the default for HTTP and number 443 for HTTPS
Web Servers. These defaults do not have to be used and preferably in the method of
the present invention non-standard port numbers, i.e. above 1023, are used when
establishing connection with the intermediary site. This allows clients to use
communications, particularly SSL communications, through existing company or
cyber-café firewalls without any reconfiguration. Internet firewalls often stop SSL
communications within the standard 0 to 1023 range and are effectively bypassed by
using these non-standard port numbers, allowing a method, in accordance with the
invention, to be used with a variety of firewalls. A method to bypass Internet
firewalls using Internet port numbers above 1023 is therefore provided.

Another aspect of the invention provides a method for preventing "Denial of Service
attacks" on the intermediary and destination Internet Sites. These attacks are often
caused where a malicious client application repeatedly and rapidly sends requests to
a destination site but does not wait for the responses. By doing this, the destination
site is slowed down because it is continually sending a large number of (potentially
large) Internet responses to the malicious client and has no time to service other
clients' requests. By keeping track of whether clients wait to receive the responses to
their requests or not the intermediary server can address these "Denial of Service
attacks". Preferably the method comprises holding back the passing on of client
requests to the destination site by some period of time, the length of which is related
to the number of times the client has not been present to receive responses for the
requests it has sent in the past.
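
The hold-back rule described above, as an added example rather than code from the patent: the delay before a request is passed on grows with the number of responses the client abandoned. The linear step, the cap and the client identifier are assumptions; the text says only that the period is "related to" that count.

```python
from dataclasses import dataclass, field


@dataclass
class HoldBackPolicy:
    """Delay forwarding for clients that did not stay to receive past responses."""
    step_seconds: float = 0.5   # assumed: delay added per abandoned response
    max_seconds: float = 30.0   # assumed cap on the hold-back period
    abandoned: dict = field(default_factory=dict)  # client id -> abandoned count

    def hold_back(self, client_id: str) -> float:
        """Seconds to wait before passing this client's request on."""
        count = self.abandoned.get(client_id, 0)
        return min(count * self.step_seconds, self.max_seconds)

    def record_outcome(self, client_id: str, client_was_present: bool) -> None:
        """Call when a response is ready: was the client still connected?"""
        if not client_was_present:
            self.abandoned[client_id] = self.abandoned.get(client_id, 0) + 1


def replay(policy, events):
    """Run (client_id, client_was_present) events; return the delay applied to each."""
    delays = []
    for client_id, client_was_present in events:
        delays.append((client_id, policy.hold_back(client_id)))
        policy.record_outcome(client_id, client_was_present)
    return delays


# Constructed sample: client-b sends requests and drops the connection
# before the responses arrive; client-a waits for every response.
SAMPLE_EVENTS = [
    ("client-a", True),
    ("client-b", False),
    ("client-b", False),
    ("client-a", True),
    ("client-b", False),
    ("client-b", True),
]

if __name__ == "__main__":
    for client_id, delay in replay(HoldBackPolicy(), SAMPLE_EVENTS):
        print(f"{client_id}: hold back {delay:.1f}s")
```

As written the count never decays, so a deployment has to decide how long a penalty persists and how clients are keyed (per session rather than per source address, for instance).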

Another aspect of the invention provides a method of sending or receiving an e-mail
which actively prevents any logging by Internet servers, providers, routers and other
machines associated therewith of details of the destination of the e-mail or its
contents. The method may involve the client establishing preferably through an
Internet provider a secure, encrypted connection with an intermediary site and
sending or receiving an e-mail through the intermediary site. The only activity of the
client that can be logged by Internet servers, providers, routers and other
associated machines is the access to the intermediary site by the client.

Another aspect of the invention provides a method of securely storing files on the
Internet. The method comprises the client establishing preferably through an Internet
provider a secure, encrypted connection with a file storage site through the
intermediary server, the client sending a file to the site through the secure connection
with the intermediary server and the site storing the file. In the preferred
implementation of this method, the intermediary site offers the services of the file
storage site itself for the user - removing the need for a second machine and second
file transfer. The client can then securely save and retrieve the files by connecting to
the secure intermediary site at any time.

According to another aspect of the invention there is provided a method of
establishing Internet communication between a client and any normal Internet
site. The intermediary site acts as a virtual (and preferably secure) destination site
for the client or user site and as a virtual client or user site for the destination site.
This is to the extent that all logging entries on the destination site only show the
intermediary site as the client or user and all logging entries on the client or user site
only show the intermediary site as the destination site.

The methods described herein can improve efficiency and speed of Internet
transactions. This can be by the use of compression and other methods. Compression
is particularly important for increasing the efficiency of the client connection to the
Internet as this is usually relatively slow. Thus the introduction of an intermediary
server that compresses transactions as they pass to and from the client is another
aspect of the invention. This can be achieved by using compressed SSL
communications where the client would otherwise use uncompressed Internet
connections.

According to another aspect of the invention there is provided apparatus for
performing any one or more of the methods of the invention. Preferably the
apparatus comprises a server connected or connectable to the Internet, the server
having means to allow a client to establish a secure connection with the server. The
server may comprise means to perform any of the steps of any of the methods
described herein.

request in the case where the destination is a normal Web Server. The normal
Internet request, since it is sent by the intermediary site, contains information
concerning the identity of the intermediary site and no information or only limited
information concerning the identity of the real Internet client. The intermediary site
sends the normal Internet request to the destination site containing the Internet item.
The destination site interprets and actions the request normally and returns any
response to the intermediary site as the site that requested the item. The intermediary
site transforms the response to be identified as originating from the request sent to
the intermediary site and using the secure link returns the transformed response to
the client. The client interprets and displays the response normally. The client can
use a similar secure link to make subsequent requests that are similarly processed.
The only information relating to Internet activity that can be logged or monitored by
a local server or ISP is the accessing of the intermediary site by the client.
Importantly, since the client communicates with the intermediary site over a secure
link, it is not possible for any Internet servers or the client's ISP to monitor the
Internet transaction's contents or even to log the final destination URL the client
requested (securely) from the intermediary site.

As well as transforming the response to be identified as originating from the request
sent to the intermediary site, the intermediary site performs additional response
transformations to Internet items returned from the destination site. The additional
response transformations are both client specific and implementation specific and
indeed may not be required in some instances and for some application protocols.
Figure 2 illustrates an example additional transformation procedure. The
intermediary site locates any links, references or other items that refer to real
Internet sites and transforms these so that any requests in
requested via the intermediary site. The intermediary site then returns the
transformed response to the Internet client. This W future requests through the
(preferably secure) intermediary site. For example, a Web Browser user can click on
a hypertext link in a viewed page to access a se
page is accessed through the intermediary site (following the steps
described with reference to Figure 1) rather than directly
transformed. Direct access, through an untransformed
to the Internet via the intermediary site being broken and normal web access
resuming which could be logged or monitored by Internet servers

A specific potential transformation of part of a Web site's response is shown below
for illustration purposes. A response returned by the destination site to the
intermediary site. mmJS^^smm^^ defines a link to another web site.
^ISiSL^^. The corresponding HTML code segment containing the response is:

This line of HTML code is located and transformed to:

jnTPp..»h1trft./^on»« cyhenir r^"'- r^«.M3QAEncrvnte(1www.«kP-net^ '> 

All other references, links and other Internet items would be similarly changed
before the response is returned to the client. The word "Encrypted:" and the ":2030"
port number are implementation dependent and could be omitted or changed. The
non-standard port number of 2030 has been included here to by-pass Internet
firewalls and consequently avoids potential need for client or firewall
reconfiguration. This example transformation is constructed to ensure that when the
user clicks on the link generated from the code segment, a request is sent through a
secure connection (https://) to the intermediary server (www.cyberarmour.com)
bypassing any firewalls (:2030) and requests from the intermediary server the
normal HTTP (Encrypted:) Web Server item 'www.gtaLnet'.
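
The reference transformation described above, as an added example that is not code from the patent: it rewrites plain-HTTP references into the intermediary form, maps a received request back to its destination, and lists every reference it left untransformed, since a click on one of those goes to the destination directly. The host `intermediary.example`, the attribute set and the exact URL layout are assumptions; port 2030 and the "Encrypted:" marker follow the page's example, which only covers normal HTTP items.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumptions: the host is a constructed placeholder; port 2030 and the
# "Encrypted:" marker follow the page's example; the attribute set is a guess.
INTERMEDIARY = "https://intermediary.example:2030"
MARKER = "Encrypted:"
URL_ATTRS = {"href", "src", "action"}


def to_intermediary(url, base):
    """Return the intermediary form of a reference, or None if it is not plain HTTP."""
    parts = urlsplit(urljoin(base, url))  # resolve relative references first
    if parts.scheme != "http" or not parts.netloc:
        return None
    rest = parts.netloc + (parts.path or "/")
    if parts.query:
        rest += "?" + parts.query
    if parts.fragment:
        rest += "#" + parts.fragment
    return f"{INTERMEDIARY}/{MARKER}{rest}"


def from_intermediary(request_target):
    """Recover the destination URL from the request target the client sent."""
    prefix = "/" + MARKER
    if not request_target.startswith(prefix):
        raise ValueError("not an intermediary-form request")
    return "http://" + request_target[len(prefix):]


class ReferenceRewriter(HTMLParser):
    """Re-emit HTML with references rewritten; record the ones left direct."""

    def __init__(self, base):
        super().__init__(convert_charrefs=False)
        self.base, self.out, self.untransformed = base, [], []

    def _emit_tag(self, tag, attrs, close=""):
        rendered = [tag]
        for name, value in attrs:
            if name in URL_ATTRS and value is not None:
                new = to_intermediary(value, self.base)
                if new is None:
                    self.untransformed.append(value)  # would bypass the intermediary
                else:
                    value = new
            rendered.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(rendered) + close + ">")

    def handle_starttag(self, tag, attrs): self._emit_tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._emit_tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")


def rewrite(html_text, base):
    """Return (rewritten_html, references_left_untransformed)."""
    rewriter = ReferenceRewriter(base)
    rewriter.feed(html_text)
    rewriter.close()
    return "".join(rewriter.out), rewriter.untransformed


# Constructed sample response from a destination site.
SAMPLE_BASE = "http://destination.example/index.html"
SAMPLE_HTML = (
    '<p><a href="http://destination.example/news?id=7">News</a> '
    '<img src="/logo.gif"> '
    '<a href="https://other.example/login">Login</a></p>'
)

if __name__ == "__main__":
    page, leaks = rewrite(SAMPLE_HTML, SAMPLE_BASE)
    print(page)
    print("left direct:", leaks)
```

References inside scripts or style sheets pass through this sketch untouched and unreported, and an intermediary would also need to validate the recovered destination before fetching it, because it fetches whatever host the request names.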

A preferred embodiment/implementation, shown in Figure 3, requires no change to
the client or destination server components. This implementation is suitable for
client applications that have existing secure communication capabilities such as most
Internet/Web Browsers. The client application connects securely to the intermediary
server and requests a connection to a destination server through this secure link. The
intermediary server transforms the request into a normal Internet request and sends it
to the destination server on a "stream" basis. Destination responses are transformed
where necessary to force any external links and references to be via the intermediary
server (using a general process based on the method described with reference to
Figure 2). The transformed responses are also returned to the client on a stream
basis.

Using a stream basis the client requests and destination responses are passed/
streamed through the intermediary server as they arrive. Advantageously, no extra
client or destination server components or changes are required and no client or
destination server speed penalties are seen.

Alternative implementations of the method are also envisaged. For instance, it is
possible to pass the data through the intermediary server as a "batch" operation as
opposed to on a "stream" basis. The intermediary server would wait to transfer
certain whole portions of requests and responses instead of as they arrive. To speed
up this process, the intermediary site may cache the transformed requests and
responses. Also, multi-stage variations could be used where requests and responses
are treated as whole or partial files rather than streams with tasks performed on a
batched basis rather than a real-time basis which processes the data as it arrives.

It is also possible to include additional components on the client or destination
server machines. These components may be for the provision of secure
communication capabilities and/or for performing part of the intermediary site
procedures on the client or destination server machine. Various optimisations such
as compression and securing the intermediary to destination site connection can also
be implemented in this manner. It is also possible to alter some client and destination
components to remove the need for link and reference transformations. This includes
setting the intermediary server as a web browser's Proxy Server. It is also possible to
distribute the intermediary server process across several intermediary servers.

Those skilled in the art will appreciate that there are numerous potential
implementations within the scope of the invention as described.

CLAIMS

1. A method affording privacy or anonymity on an Internet-type or other Communications 
medium, the method comprising: 

a) establishing a secure connection between a client and an intermediary site; and 

b) offering or providing one or more services through or on the intermediary site to the 
client. 

2. A method as claimed in claim 1, wherein the services include using the intermediary site to 
forward communications between the client and destination sites so as to prevent one or more 
of the following: 

a) any logging of details of the true destination sites the client has visited by machines 
capable of monitoring client transactions by means of the secure client-intermediary 
connection; 

b) any logging of the contents of transactions between clients and destination sites by 
machines capable of monitoring client transactions by means of the secure client- 
intermediary connection; 

c) destination sites finding out the true origin or location of clients by means of formatting
client requests to give the destination site the impression that the intermediary site was
the origin of the communication.

3. A method as claimed in claim 1 or claim 2, wherein the services include one or more of the 
following: 

a) accessing of destination Internet sites by the client through the secure connection with the 
intermediary site and actively preventing any logging by Internet servers, providers, 
routers or other machines associated therewith that the destination sites have been visited 
by the client; 

b) sending or receiving e-mails while any logging of either the destination, source or 
contents of the e-mail is actively prevented; 

c) storing files securely on the intermediary site; 



d) transferring messages between multiple clients connected

secure telephone, conferencing, Internet Chat, messag

4. A method as claimed in any one of claims 1 to 3 and further comprising:

secure connection with the intermediary site; and

5. A method as claimed in any of the previous claims and further comprising:

for forwarding to a destination site;

transforming the request into a standard request that can be interpreted by the destination
site as originating at the intermediary;

« J^e««.«<^^".««— to the destination site or a
proxy for that site;

intermediary site; and

g) using the secure connection to return the response back to the original client.



6. A method as claimed in claim 5 and further comprising the step of transforming links and

rerl"i:.he„so«».a.«n^«.-«-e^-*«^»^^^ 
from the destination site is made by the client through the intermediary site, not directly to the



destination site. 



7. A method as claimed in any one of claims 1 to« and further comprising '"^^T.
lILing that a client connection remains open to the intermediary throughout a
communication transaction so that destination responses can be delivered to the client and
that the client is not attempting an anonymous denial of service attack on the destination site. 

8. A method as claimed in any one of claims 1 to 5 and further comprising: 

a) sending or receiving e-mail by the client through the secure connection with the 
intermediary site; and 

b) actively preventing any logging by Internet servers, providers, routers or other machines 
associated therewith of details of the client, e-mail content, recipients and sender. 

9. A method as claimed in any one of claims 1 to 5 and further comprising sending or retrieving
a file by the client through the secure connection with the intermediary site and the 
intermediary site securely storing or retrieving the file. 

10. A method as claimed in claim 9, wherein the intermediary site itself stores the file. 

11. A method as claimed in any one of claims 1 to 10 and actively hindering Internet transaction
sniffing. 

12. A method as claimed in any one of claims 1 to 11, wherein the secure connection is an 
encrypted connection. 

13. A method as claimed in claim 12, wherein the encrypted connection is an SSL connection. 

14. A method as claimed in any one of claims 1 to 13 used to allow communication with
destination sites where the client is restricted from directly accessing the destination site by a
restrictive Internet firewall, proxy server, physical limitations or other apparatus. 

15. A method as claimed in claim 14 comprising the intermediary listening for client requests on
Internet port numbers above 1023. 



speed of communication transactions by either: 

accompanying drawings. 

18. Use of any of the methods of claims 1 to 17. 

19. Apparatus configured to perform any one of the methods of claims 1 to 18.

20. Means to perform any of the methods of claims 1 to 18. 